VIPRE is your best protection against the recently reported vulnerability in IE 6, 7 and 8

Microsoft has announced a zero-day vulnerability in three versions of Internet Explorer (IE 6, IE 7 and IE 8) in Microsoft Security Advisory 2794220, which gives the full details.

Zero-day attacks are threats that exploit a previously unknown vulnerability in an application, one for which no patch yet exists. Essentially, this means the attack occurs on "day zero" of the vulnerability's public life, before the program's developers have had the opportunity to uncover and patch it.

According to Microsoft, “The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
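The bug class Microsoft describes (code that keeps using an object after it has been deleted) is the classic use-after-free. The following is an added illustration, not Microsoft's or ThreatTrack's code and not the IE bug itself: it models a small object slab in which a freed slot is handed straight back to the next allocation, so a stale pointer ends up aliasing attacker-controlled contents, and shows a generation-checked handle that refuses the stale access. The slab, the `legit_method`/`attacker_method` stand-ins and the `uaf_scenario` driver are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed model of a fixed-size object slab. A freed slot is reused by the
 * next allocation, which is how a dangling pointer comes to alias data the
 * attacker placed there (a "heap spray"). This is NOT IE's allocator. */
#define SLOTS 4
#define OBJ_SIZE 32

typedef int (*method_fn)(void);

struct obj {
    method_fn vcall;                               /* stands in for a vtable entry */
    char      payload[OBJ_SIZE - sizeof(method_fn)];
};

struct slot {
    struct obj o;
    uint32_t   gen;                                /* bumped on every free */
    int        live;
};

static struct slot arena[SLOTS];

/* A handle names a slot plus the generation it was allocated in. */
struct handle { int idx; uint32_t gen; };

static int legit_method(void)    { return 1; }
static int attacker_method(void) { return 0x41414141; }   /* shellcode stand-in */

static struct handle obj_alloc(void)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!arena[i].live) {
            arena[i].live = 1;
            arena[i].o.vcall = legit_method;
            memset(arena[i].o.payload, 0, sizeof arena[i].o.payload);
            struct handle h = { i, arena[i].gen };
            return h;
        }
    }
    struct handle none = { -1, 0 };
    return none;
}

static void obj_free(struct handle h)
{
    arena[h.idx].live = 0;
    arena[h.idx].gen++;           /* every outstanding handle is now stale */
}

/* Unsafe: trusts a raw pointer, the pattern the advisory describes. */
static int call_unsafe(struct obj *raw)
{
    return raw->vcall();
}

/* Hardened: refuse to dereference a slot whose generation has moved on. */
static int call_checked(struct handle h, int *ok)
{
    if (h.idx < 0 || h.idx >= SLOTS) { *ok = 0; return -1; }
    struct slot *s = &arena[h.idx];
    if (!s->live || s->gen != h.gen) { *ok = 0; return -1; }
    *ok = 1;
    return s->o.vcall();
}

/* Scenario: script keeps a reference, the object is deleted, attacker sprays a
 * replacement whose first word is a fake vtable pointer, script reuses the
 * stale reference. Returns 0x41414141 (attacker code ran) or -1 (rejected). */
static int uaf_scenario(int hardened)
{
    memset(arena, 0, sizeof arena);
    struct handle h = obj_alloc();
    struct obj *stale = &arena[h.idx].o;            /* raw pointer kept by "script" */
    obj_free(h);                                    /* object deleted */
    struct handle spray = obj_alloc();              /* same slot comes back */
    arena[spray.idx].o.vcall = attacker_method;     /* attacker-controlled contents */
    if (!hardened)
        return call_unsafe(stale);                  /* dispatches through fake vtable */
    int ok;
    int r = call_checked(h, &ok);
    return ok ? r : -1;
}

int main(void)
{
    printf("unsafe:   %d\n", uaf_scenario(0));      /* 1094795585 == 0x41414141 */
    printf("hardened: %d\n", uaf_scenario(1));      /* -1 */
    return 0;
}
```

The point of the generation counter is that "is this pointer still valid?" cannot be answered from the pointer alone once the slot has been reused; real browsers reach for the same idea with reference counting, quarantined frees and, later, MiraclePtr-style guarded pointers.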

At this time, Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability.

The malicious files are detected by VIPRE® as Exploit.JS.ShellCode.cfr (v) and Exploit.HTML.MSA2794229.cfr (v).

To help combat this recently reported threat, please ensure you are using threat definitions 14780 or higher. VIPRE® automatically downloads and installs threat definitions every hour to guard against attacks of this kind, but you can also trigger the update yourself.

Here’s how:

Open VIPRE (right-click on the tray icon or double-click the desktop shortcut)

General Information

Executive Summary

Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

ThreatTrack Security protects its VIPRE customers from this vulnerability with definitions release 12057 and higher, under the detection names Exploit.HTML.CVE.2012.1875 and Exploit.JS.ShellCode.av.


Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Published: November 03, 2011 | Updated: November 08, 2011

General Information

Executive Summary

Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

ThreatTrack Security protects its VIPRE customers from this vulnerability with definitions release 11005 and higher, under the detection name Exploit.TTF.CVE-2011-3402.